summaryrefslogtreecommitdiff
path: root/profiles/usr.sbin.kopano-search
blob: 6ee700b87822fb0ab58a10dfecf7a73ce1912ade (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# Last Modified: Fri Sep  8 14:49:47 2017
#include <tunables/global>

/usr/sbin/kopano-search {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/python>
  #include <abstractions/user-tmp>

  capability chown,
  capability dac_override,
  capability dac_read_search,
  capability setgid,
  capability setuid,

  @{PROC}/@{pid}/cmdline r,
  @{PROC}/@{pid}/mounts r,
  @{PROC}/@{pid}/status r,
  @{PROC}/@{pid}/task/@{tid}/comm rw,

  deny /usr/lib/python2.7/dist-packages/kopano_search/*.pyc w,

  # FIXME: it would be nice if search would use search- like pa
  /dev/shm/* rwl,

  /etc/gss/mech.d/ r,
  /etc/gss/mech.d/*.conf r,

  /lib/x86_64-linux-gnu/ld-*.so mr,
  /usr/bin/python2.7 ix,
  /usr/sbin/kopano-search r,

  /etc/kopano/search.cfg r,

  /bin/dash Pix,
  /bin/rm Pix,
  /sbin/ldconfig Pix,

  /etc/mapi/ r,
  /etc/mapi/kopano.inf r,
  /etc/mapi/zcontacts.inf r,

  /run/kopano/search.pid rw,
  /run/kopano/search.pid.lock lrw,
  /run/kopano/search.sock rw,
  /run/kopano/*.*-* rw,

  /var/lib/kopano/search/** rwlk,
  /var/log/kopano/search.log rw,
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-30 14:32:30 +0000